MindGrove - the Audit and Risk SpecialistsMindGrove Training page - header image of people

 Home
 About us
 Training
bullet pointIn-house training
 ... by category
 ... a to z listing
 Public courses 2012
 Download brochure
 eLearning
 Consultancy
 Resources
 Clients
 Contact us
















Delivery and Control of Electronic Systems

Most organisations are reliant on the delivery of services and applications through electronic means. This unique and very intensive seminar style course brings together the commonest systems, to help an auditor’s all round understanding of the risks and core controls associated with electronic systems.

 

Suitability and duration

Suitability: Intermediate

Duration: 2 days

 

Who should attend

This course is designed for all comers; however, those with at least six months of IT Audit experience will find the course easier to follow. The maximum number of people attending any particular event will be limited to ensure a high level of interaction and discussion.

This is a seminar style course with an ambitious syllabus and limited opportunity for practical work in a two day format. The course can be enhanced to a three day format that gives the opportunity for practical case work.

 

Benefits

Skills

After completion of this course, you will be able to:

  • Demonstrate an understanding of the infrastructure of electronic service delivery systems
  • Evaluate the risks and audit one way and two way electronic services and applications
  • Appreciate how E-systems operate and the risks that threaten their operations
  • Audit a wide range of E-applications and services
  • Evaluate the usefulness and value of cryptographic protection in the protection of electronic systems’ data

 

Support Materials

This course is accompanied by a manual that includes full briefing notes.

 

Programme

Electronic service infrastructure and risks

  • Hardware considerations: load balancers, web-servers, routers, firewalls, other appliances and services – issues and risks
  • Database and application servers – issues and risks
  • Software considerations: software environments, scripts, applets and components, cookies, registration and personalisation – issues and risks
  • Typical electronic service delivery network structures: web based materials; web based applications – issues and risks
  • Client server systems – two and three tier – issues and risks
  • Middleware technologies – issues and risks
  • Unwired services – issues and risks
  • Auditing infrastructures – a model approach 

 

One-way services – such as website retrieved materials and risks

  • Web servers, WAP servers, information kiosks, text to phone, other information feeds – issues and risks
  • Structuring of materials and intellectual content – issues and risks
  • Active X, OLE, Flash, and scripting content – issues and risks
  • Navigational and W3C accessibility issues – issues and risks
  • Controlling anonymous web browsing users – issues and risks
  • Site stability and refreshment – issues and risks
  • Auditing one way services – a model approach

 

Two-way services – such as web based applications and risks

  • Web based applications, applets, java code and scripts, server side scripting – issues and risks
  • Forms design and data transmission – issues and risks
  • Data validation – issues and risks
  • Sensitive data content – issues and risks
  • Browser and W3C accessibility issues – issues and risks
  • Strategies for testing and acceptance – issues and risks
  • Security credentials: issue and control – issues and risks
  • Cookie controls – issues and risks
  • Authentication strategies: unilateral and bilateral control – issues and risks
  • Client server security – issues and risks
  • Component issues and integration of services – issues and risks
  • Auditing two way services – a model approach

 

Example application systems and risk based issues

  • E-procurement operations and risks
  • E-commerce operations and risks
  • E-ticketing operations and risks
  • E-kiosk operations and risks
  • E-quoting systems operations and risks
  • E-tracking operations and risks
  • E-voting systems operations and risks
  • ERP systems operations and risks
  • Managed payment services
  • Auditing E-systems

 

Safe delivery and control of sensitive data

  • Lawful usage and collection of sensitive and private data
  • Implementation of cryptographic strategies to protect the safe network transport of private and sensitive data
  • Implementation of cryptographic strategies to protect media storage of sensitive and private data
  • Implementation of cryptographic strategies to protect mobile devices and wireless network used in the provision of e-Services
  • Evaluating the usefulness and deployment of cryptographic services 

 

 

  Call us on +44 (0) 1925 730 200Site map | Contact us 
© 2012 MindGrove Ltd. All rights reserved
 Valid XHTML 1.0 TransitionalValid CSS!